Web-Targeted Attacks Grew Massively in 2006

Malware attacking web browsers exploded in 2006 compared with 2005, according to research by IBM.

IBM's Internet Security Systems X-Force research team conducted the study and found a gigantic rise in attacks targeting the Web as well as in scripting vulnerabilities. The research found 7,247 vulnerabilities, and hackers remotely exploited 88% of them.

According to the study, half of the websites hosting attacks aimed at browsers used various obfuscation and encryption methods to hide their malware from conventional detection tools.

The Web is now the main vector of malicious activity. There are now more attacks through the Web than via e-mail. These threats originate from compromised websites hosting different types of malware, said Sean Richmond, senior technology consultant at Sophos. ZDNetAustralia published Richmond's statement on May 1, 2007.

Contrary to the common impression, hackers are not the creators of most malware-infected websites; rather, these are legitimate sites that hackers have compromised. According to Sophos, 70% of corrupted websites are legitimate sites that succumbed to attacks. This happens when the sites have weak code or their owners don't maintain them properly.

The research also found that malware had become more complex and highly functional. Downloaders were the most common category, accounting for 22% of all malware detected. Worms like Luder and Mytob remained dangerous threats, while content-based malicious code topped the threat risks faced by businesses and consumers.

Although malware has grown in number and severity, 60% of companies lack an adequate IT security policy. Therefore, businesses must implement control measures against this threat and safeguard themselves and their customers, said Peter Watkins, CEO of Webroot Software. OnestopClick published this on April 3, 2007.

X-Force analysts found that the number of vulnerability detections in April 2007 increased 5% over March 2007, but was down 7% on an annual basis.

Cyber miscreants have sharpened their weapons to beat traditional client-side protection solutions and make cyber crime profitable. The distinguishing line between classic threats is diminishing, making it difficult to deal with cyber threats, said the authors of the report. ITPRO reported this on May 16, 2007.